Re: pgcrypto: fix for broken solaris openssl, v03
From | Zdenek Kotala |
---|---|
Subject | Re: pgcrypto: fix for broken solaris openssl, v03 |
Date | |
Msg-id | 46FE705A.8050704@sun.com |
In reply to | pgcrypto: fix for broken solaris openssl, v03 ("Marko Kreen" <markokr@gmail.com>) |
List | pgsql-patches |

Marko Kreen wrote:
> solaris openssl refuses to handle keys longer than 128bits.
>
> * aes will crash on longer keys
> * blowfish will silently cut the key which can result
>   data corruption
>
> to fix it:
>
> - test errors from AES functions
> - bf errors cannot be tested, do test encryption
> - change aes compat macros to static function so they
>   can return values
>

Tested on Solaris Nevada and works fine.

> More general approaches that also fix the problems are:
>
> - test all ciphers on first use and test fails then disable
>   completely. This is nice as it could detect much broader range
>   of errors.
>
>   Problem with this approach is that it's too big overhead for small
>   gain, as it cannot still 100% guarantee that everything is working
>   correctly.
>
> - Use EVP functions for encryption as they have better error
>   handling. So crippled openssl can report via regular means
>   that something is not supported.

+1 for EVP solution.

Thank you very much

Zdenek